[nSLUG] Chebucto Security

Jason Kenney jdkenney at gmail.com
Wed Jan 21 23:53:43 AST 2009


> But if you use Chebucto's PPP service, I would argue that you don't
> need to trust them. Correctly used (!), TSL encryption (https)
> guarantees the security of the endpoints, regardless of who might
> inspect the data along the way.  It guarantees that your browser is
> talking to the correct server (as vouched for by a commercial
> certificate authority), that no one has read your data along the
> way(*), and that if the data has been tampered with, this will be
> detected.
>
> So you don't need to trust the network between you and the bank, if
> the endpoints of the encryption are: you, and the bank.

You misunderstood.  This case would be the first I described.

In the third case, I was referring to using any (Chebucto or
otherwise) PPP (or high speed - anything directly connected to the
Internet through IP networking of some kind, NAT'd or not) connection
to access the shell on Chebucto (via telnet or ssh).


Note:  There are still levels of trust involved in the first case I
believe - you do inspect the certificate offered when visiting an
https site, right?  And would be able to distinguish between one that
has been faked/forged?  Without being capable of that, you are
trusting that the end point really is the end point you believe it is.
 You still have some trust that the network between you has not been
compromised.  For instance, you are still assuming the DNS system you
use is trustworthy.  The Kaminsky DNS vulnerability would have allowed
attackers to take advantage of anyone clicking "accept" to whatever
certificate was offered without inspecting closely at the very least
if I understood it correctly.  Perhaps they could have forged their
own certificate and certificate authority together, but I am getting
beyond my level of comfort in understanding now.  Or similarly you are
trusting that there is not a malicious administrator at your ISP
routing traffic destined for certain banking websites to his own
illicit server.  Of course such a person would be found out quickly -
but this discussion is pretty academic anyway.  You are still trusting
the end point really is the end point you believe it is, by trusting
in the network between you to some degree.

Jason



More information about the nSLUG mailing list